From 14b024751fdb86b3b88501d5fd60a780edbcda2c Mon Sep 17 00:00:00 2001
From: Chad Bentz <1760475+felickz@users.noreply.github.com>
Date: Fri, 21 Feb 2025 21:33:43 +0000
Subject: [PATCH 1/6] Add a `.` separator to the prefix to capture ex: `secret.world:`
---
 generic/patterns.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/generic/patterns.yml b/generic/patterns.yml
index 409432d..f5493e3 100644
--- a/generic/patterns.yml
+++ b/generic/patterns.yml
@@ -107,7 +107,7 @@ patterns:
 pattern: |
 (([A-Za-z0-9+/]){4})*([A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)
 start: |
- (?:\A|[^a-zA-Z0-9])(?i)[a-z0-9._-]*(?:api|auth[a-z]+|jwt|mysql|db)?[_.-]?(?:pass?(?:wo?r?d|code|phrase)|secret|key|token)([_-][a-z0-9]+){0,3}([ \t]+As[ \t]+String)?[\t ]*(={1,3}|:)[\t ]*(?:["']|b["'])?
+ (?:\A|[^a-zA-Z0-9])(?i)[a-z0-9._-]*(?:api|auth[a-z]+|jwt|mysql|db)?[_.-]?(?:pass?(?:wo?r?d|code|phrase)|secret|key|token)([_\.-][a-z0-9]+){0,3}([ \t]+As[ \t]+String)?[\t ]*(={1,3}|:)[\t ]*(?:["']|b["'])?
 end: |
 (\z|[\r\n'"])
 additional_match:
From d31f3325ca8e89ee0df37ae21538e78c38e56a91 Mon Sep 17 00:00:00 2001
From: Chad Bentz <1760475+felickz@users.noreply.github.com>
Date: Fri, 21 Feb 2025 21:47:09 +0000
Subject: [PATCH 2/6] Allow \n instead of just \t for multi line yaml
---
 generic/patterns.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/generic/patterns.yml b/generic/patterns.yml
index f5493e3..2ad5f64 100644
--- a/generic/patterns.yml
+++ b/generic/patterns.yml
@@ -87,7 +87,7 @@ patterns:
 pattern: |
 [0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}
 start: |
- (?:\A|[^a-zA-Z0-9])(?i)[a-z0-9._-]*(?:api|auth[a-z]+|jwt|mysql|db)?[_.-]?(?:pass?(?:wo?r?d|code|phrase)|secret|key|token)([_-][a-z0-9]+){0,3}([ \t]+As[ \t]+String)?[\t ]*(={1,3}|:)[\t ]*(?:["']|b["'])?
+ (?:\A|[^a-zA-Z0-9])(?i)[a-z0-9._-]*(?:api|auth[a-z]+|jwt|mysql|db)?[_.-]?(?:pass?(?:wo?r?d|code|phrase)|secret|key|token)([_\s-][a-z0-9]+){0,3}([\s]+As[\s]+String)?[\s]*(={1,3}|:)[\s]*(?:["']|b["'])?
 end: |
 (\z|[\r\n'"])
 test:
From 1e8bd345b39820555b05d9f61cefbc794b4a80ef Mon Sep 17 00:00:00 2001
From: Chad Bentz <1760475+felickz@users.noreply.github.com>
Date: Fri, 21 Feb 2025 21:47:22 +0000
Subject: [PATCH 3/6] Added \|? after the colon to optionally match the pipe character.
---
 generic/patterns.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/generic/patterns.yml b/generic/patterns.yml
index 2ad5f64..302d4f1 100644
--- a/generic/patterns.yml
+++ b/generic/patterns.yml
@@ -87,7 +87,7 @@ patterns:
 pattern: |
 [0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}
 start: |
- (?:\A|[^a-zA-Z0-9])(?i)[a-z0-9._-]*(?:api|auth[a-z]+|jwt|mysql|db)?[_.-]?(?:pass?(?:wo?r?d|code|phrase)|secret|key|token)([_\s-][a-z0-9]+){0,3}([\s]+As[\s]+String)?[\s]*(={1,3}|:)[\s]*(?:["']|b["'])?
+ (?:\A|[^a-zA-Z0-9])(?i)[a-z0-9._-]*(?:api|auth[a-z]+|jwt|mysql|db)?[_.-]?(?:pass?(?:wo?r?d|code|phrase)|secret|key|token)([_\s-.][a-z0-9]+){0,3}([\s]+As[\s]+String)?[\s]*(={1,3}|:)[\s]*\|?[\s]*(?:["']|b["'])?
 end: |
 (\z|[\r\n'"])
 test:
From 2e56fa1f68da65cfb7fa17cc59f947af0ad0f282 Mon Sep 17 00:00:00 2001
From: Chad Bentz <1760475+felickz@users.noreply.github.com>
Date: Fri, 21 Feb 2025 22:11:19 +0000
Subject: [PATCH 4/6] Expecting this test suite to fail !
---
 generic/auth-secret.yaml | 20 ++++++++++++++++++++
 generic/patterns.yml | 7 +++++++
 2 files changed, 27 insertions(+)
 create mode 100644 generic/auth-secret.yaml
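Review bot: Replacing `[ \t]` with `[\s]` throughout the new `start` line lets every gap in the fuzzy prefix span line breaks, not only the one after a block-scalar indicator: `([_\s-][a-z0-9]+){0,3}` now lets a trailing `secret`/`key`/`token` on one line absorb the first word of each of up to three following lines, and `[\s]*(={1,3}|:)[\s]*` accepts a `:` or `=` that sits lines below the keyword, which widens the pattern well beyond YAML keys. If the goal is `ssh-privatekey: |` with the value on the next line, keep `[ \t]` everywhere and admit a newline only after the indicator, e.g. `(={1,3}|:)[ \t]*(?:\|[+-]?[ \t]*\r?\n[ \t]*)?(?:["']|b["'])?`, which also covers the `|-`/`|+` chomping forms that the bare `\|?` added in PATCH 3/6 does not. PATCH 6/6 reverts this line 87 change but carries the same `\s` form to line 107 (its second hunk), so the narrowing belongs there.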
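Review bot: `[_\s-.]` in the new `start` line places the hyphen between `\s` and `.`, which regex engines read as a range with a class escape as one endpoint: Python's `re` rejects it as a bad character range, while PCRE-style engines accept it as a literal `-`, so whether the pattern even compiles depends on which engine the scanner and the test harness use. Writing the hyphen last, `([_\s.-][a-z0-9]+){0,3}`, is read as the four literal characters by every engine. PATCH 6/6 moves this class unchanged from line 87 to line 107 (its second hunk), so the fix is needed there as well.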
diff --git a/generic/auth-secret.yaml b/generic/auth-secret.yaml
new file mode 100644
index 0000000..4ab1780
--- /dev/null
+++ b/generic/auth-secret.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secret-ssh-auth
+type: kubernetes.io/ssh-auth
+data:
+ # the data is abbreviated in this example
+ ssh-privatekey: |
+ UG91cmluZzYlRW1vdGljb24lU2N1YmE=
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: sample-secret
+ labels:
+ findme: "yea"
+type: Opaque
+data:
+ # base64 encoded: my super cool \n multiline \ secret
+ secret.world: bXkgc3VwZXIgY29vbAptdWx0aWxpbmUKc2VjcmV0
\ No newline at end of file
diff --git a/generic/patterns.yml b/generic/patterns.yml
index 302d4f1..08e3396 100644
--- a/generic/patterns.yml
+++ b/generic/patterns.yml
@@ -119,6 +119,13 @@ patterns:
 data: password="AAAAAAAAAAAa00=="
 start_offset: 10
 end_offset: 26
+ expected:
+ - name: auth-secret.yaml
+ start_offset: 14
+ end_offset: 25
+ - name: auth-secret.yaml
+ start_offset: 41
+ end_offset: 62
 comments:
 - "The Base64 must contain numbers, upper case and lower case and be at least 12 characters long"
 - "`password`, `secret`, `key`, or password like prefix (fuzzy)"
From db5258f9912a431b170c6f5b51a450c785c5bff9 Mon Sep 17 00:00:00 2001
From: Chad Bentz <1760475+felickz@users.noreply.github.com>
Date: Fri, 21 Feb 2025 22:46:57 +0000
Subject: [PATCH 5/6] Unit test fixes - multi line one is weirdly reporting
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
❌ unexpected result '|' for 'Generic Passwords' in path 'generic'; auth-secret.yaml:159-160
---
 generic/patterns.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/generic/patterns.yml b/generic/patterns.yml
index 08e3396..d6f4c26 100644
--- a/generic/patterns.yml
+++ b/generic/patterns.yml
@@ -121,11 +121,11 @@ patterns:
 end_offset: 26
 expected:
 - name: auth-secret.yaml
- start_offset: 14
- end_offset: 25
+ start_offset: 159
+ end_offset: 160
 - name: auth-secret.yaml
- start_offset: 41
- end_offset: 62
+ start_offset: 381
+ end_offset: 421
 comments:
 - "The Base64 must contain numbers, upper case and lower case and be at least 12 characters long"
 - "`password`, `secret`, `key`, or password like prefix (fuzzy)"
From b031e553b7cbf64a53cd3d0a3ba4d2d14ea015a4 Mon Sep 17 00:00:00 2001
From: Chad Bentz <1760475+felickz@users.noreply.github.com>
Date: Fri, 21 Feb 2025 18:10:04 -0500
Subject: [PATCH 6/6] Fix oopsy
---
 generic/patterns.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/generic/patterns.yml b/generic/patterns.yml
index d6f4c26..9695e8f 100644
--- a/generic/patterns.yml
+++ b/generic/patterns.yml
@@ -87,7 +87,7 @@ patterns:
 pattern: |
 [0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}
 start: |
- (?:\A|[^a-zA-Z0-9])(?i)[a-z0-9._-]*(?:api|auth[a-z]+|jwt|mysql|db)?[_.-]?(?:pass?(?:wo?r?d|code|phrase)|secret|key|token)([_\s-.][a-z0-9]+){0,3}([\s]+As[\s]+String)?[\s]*(={1,3}|:)[\s]*\|?[\s]*(?:["']|b["'])?
+ (?:\A|[^a-zA-Z0-9])(?i)[a-z0-9._-]*(?:api|auth[a-z]+|jwt|mysql|db)?[_.-]?(?:pass?(?:wo?r?d|code|phrase)|secret|key|token)([_-][a-z0-9]+){0,3}([ \t]+As[ \t]+String)?[\t ]*(={1,3}|:)[\t ]*(?:["']|b["'])?
 end: |
 (\z|[\r\n'"])
 test:
@@ -107,7 +107,7 @@ patterns:
 pattern: |
 (([A-Za-z0-9+/]){4})*([A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)
 start: |
- (?:\A|[^a-zA-Z0-9])(?i)[a-z0-9._-]*(?:api|auth[a-z]+|jwt|mysql|db)?[_.-]?(?:pass?(?:wo?r?d|code|phrase)|secret|key|token)([_\.-][a-z0-9]+){0,3}([ \t]+As[ \t]+String)?[\t ]*(={1,3}|:)[\t ]*(?:["']|b["'])?
+ (?:\A|[^a-zA-Z0-9])(?i)[a-z0-9._-]*(?:api|auth[a-z]+|jwt|mysql|db)?[_.-]?(?:pass?(?:wo?r?d|code|phrase)|secret|key|token)([_\s-.][a-z0-9]+){0,3}([\s]+As[\s]+String)?[\s]*(={1,3}|:)[\s]*\|?[\s]*(?:["']|b["'])?
 end: |
 (\z|[\r\n'"])
 additional_match:
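Review bot: The first `expected` entry now pins `start_offset: 159` / `end_offset: 160`, a one-character span, and by the fixture's layout that character is the `|` block-scalar indicator after `ssh-privatekey:`, which the Base64 `pattern` (its shortest alternative is `[A-Za-z0-9+/]{2}==`, and the comment below says at least 12 characters) cannot produce. The commit message itself calls that result weird, so committing it as an expectation turns a harness artifact into a regression test that will have to change again once the cause is found. The second entry (381–421, the 40-character `secret.world` value) looks right; for the first, the intended hit is presumably the 32-character value on the line after the indicator, and I would hold those offsets until the scanner reports that span, since the `\s`/`\|?` form of the `start` regex from PATCH 2/6 and 3/6 may be what lets the stray `|` through. The enclosing `test:` block starts before this hunk.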